The DAO Bytecode Tour for the Skeptic (Part 1)

Now the Ethereum blockchain contans the bytecode for “The DAO”. This bytecode manages 100 million dollars worth of Eth. DAOhub has described how to produce the DAO’s bytecode deployed at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, but the skeptic can still keep asking. Maybe there is a buggy optimization and some condition checking is missing in the bytecode. Why can’t we just read the bytecode and see what it does?

The function follows the structure.

Well we can. Below is a quickly composed journal doing so. I’ve only covered the initial two kilobytes out of the eleven kilobytes, but I’ve identified all the entry points as the interface functions. So at least I can tell you what function starts where in the bytecode.

Technically, I’ve dissected the whole bytecode into snippets called the basic blocks. When the EVM executes the bytecode, it runs through the code from the beginning towards the end, however sometimes, after “JUMP” or “JUMPI” instructions, the EVM can jump to a distant location in the bytecode. A basic block is a sequence of instructions, where no execution jumps in or out.

During the first 500 bytes or so, the bytecode detects which function is being called and jumps into them.

Position 0, “0x6060604052361561020e57”

Here is the single entry point for the bytecode. Every execution starts from here. This first snippet translates to instructions

PUSH_N “0x60” :: PUSH_N “0x40” :: MSTORE :: CALLDATASIZE :: ISZERO :: PUSH_N “0x020e” :: JUMPI,

whose effect is, firstly, writing a word “0x40” to the memory at index “0x60–0x79”; and secondly jumping to position 526 if the input data is empty (at that position we should see the code for the default function). After this block, the stack and the storage remains the same as they were initially.

Position 11, “0x60e060020a6000350463013cf08b811461024757”

This snippet translates to instructions

PUSH_N “0xe0” :: PUSH_N “0x02” :: EXP :: PUSH_N “0x00” :: CALLDATALOAD
 :: DIV :: PUSH_N “0x013cf08b” :: DUP2 :: EQ :: PUSH_N “0x0247” :: JUMPI,

whose effect is, reading one word from position [0–31] from the input data, divide it by “2 ^ 0xe0”, and if the result is equal to “0x013cf08b” for “proposals(uint256)”, jumping to position 583. We will see what the code does there.

At the end of this snippet, if a jump happens or not, the stack contains a new additional element: the first word in the input divided by “2 ^0xeo”. The storage and the memory remain the same.

Position 31, “0x8063095ea7b3146102d057”

You might have guessed that around here in the beginning of the execution, the code is in the dispatching mode. It tries to find the user’s input that specifies the function they are trying to execute, and jumps to the function.

This third snippet translates to these instructions:

DUP1 :: PUSH_N “0x095ea7b3” :: EQ :: PUSH_N “0x02d0” :: JUMPI,

If the first stack element is equal to “0x095ea7b3” (which is the SHA3–256 hash of “approve(address,uint256)”) the execution jumps to position 720. Otherwise continue below. In any case, the stack element is duplicated so that the stack remains the same. The memory and the storage are kept untouched.

Position 42, “0x80630c3b7b961461034557”

This one is very similar,

DUP1 :: PUSH_N “0x0c3b7b96” :: EQ :: PUSH_N “0x0345” :: JUMPI

If the user said “0x0c3b7b96” (“minTokensToCreate()”) jump to position 837, otherwise continue below. The stack, the memory or the storage does not change.

Position 53, “0x80630e7082031461034e57”

This is again very similar. The execution might jump to position 847 (for function “0x0e708203”) or continue below. Nothing changes.

Position 64, “0x8063149acf9a1461036057”

The same. The execution might jump to position 864 for function (for function “0x149acf9a”).

Position 75, “0x806318160ddd1461037257”

The execution might jump to position 882 (for function “totalSupply()”).

Position 86, “0x80631f2dc5ef1461037b57”

Well, this is getting daunting. I don’t remember precisely where Donald Knuth was asked about what kind of talents are required as computer scientists. I remember one answer was the ability to follow vast case analysis. The execution might jump to position 891 (for function “divisor()”).

Position 97, “0x806321b5b8dd1461039b57” and on

I think it’s easy enough to follow this repetitive pattern in the original byte code anyway, so I just tell you what happens in this dispatching area. The execution might jump to positions

  • 923 (for “extraBalance()”)
  • 941 (for “executeProposal(uint256,bytes)”)
  • 1038 (for “transferFrom(address,address,uint256)”)
  • 1089 (for “unblockMe()”)
  • 1138 (for “totalRewardToken()”)
  • 1147 (for “actualBalance()”)
  • 1171 (for “closingTime()”)
  • 1180 (for “allowedRecipients(address)”)
  • 1207 (for “transferWithoutReward(address,uint256)”)
  • 1226 (for “refund()”)
  • 1243 (for “newProposal(address,uint256,string,bytes,uint256,bool)”)
  • 1402 (for “DAOpaidOut(address)”)
  • 1426 (for “minQuorumDivisor()”)
  • 1435 (for “newContract(address)”)
  • 1509 (for “balanceOf(address)”)
  • 1547 (for “changeAllowedRecipients(address,bool)”)
  • 1572 (for “halveMinQuorum()”)
  • 1662 (for “paidOut(address)”)
  • 1686 (for “splitDAO(uint256,address)”)
  • 1719 (for “DAOrewardAccount()”)
  • 1737 (for “proposalDeposit()”)
  • 1746 (for “numberOfProposals()”)
  • 1761 (for “lastTimeMinQuorumMet()”)
  • 1770 (for “retrieveDAOReward(bool)”)
  • 1796 (for “receiveEther()”)
  • 1807 (for “transfer(address,uint256)”)
  • 1855 (for “isFueled()”)
  • 1867 (for “createTokenProxy(address)”)
  • 1969 (for “getNewDAOAddress(uint256)”)
  • 2071 (for “vote(uint256,bool)”)
  • 2093 (for “getMyReward()”)
  • 2113 (for “rewardToken(address)”)
  • 2137 (for “transferFromWithoutReward(address,address,uint256)”)
  • 2174 (for “allowance(address,address)”)
  • 2226 (for “changeProposalDeposit(uint256)”)
  • 2246 (for “blocked(address)”)
  • 2270 (for “curator()”)
  • 2288 (for “checkProposalCode(uint256,address,uint256,bytes)”)
  • 2383 (for “privateCreation()”). And the stack, the memory, or the storage does not change.

All entry points have been identified.

Position 526, “0x5b610966600f546000906234bc00014210801561023957”

Remember? This position is supposed to lead the default function. The snippet translates to

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x0f” :: SLOAD :: PUSH_N “0x00”
 :: SWAP1 :: PUSH_N “0x34bc00” :: ADD :: TIMESTAMP :: LT :: DUP1 :: ISZERO
 :: PUSH_N “0x0239” :: JUMPI

It’s a good sign that this snippet starts with “JUMPDEST”. The execution can only jump into a “JUMPDEST”. And here the code starts to be interesting. Look at the “TIMESTAMP”. This is the bytecode instruction for retrieving the current time.

The code reads the storage at index “0x0f”, adds 3456000, and compares the sum with the current time. Then, if the current time is too late, the execution jumps to position 569. If the current time is early enough, the code falls through. This sounds a bit similar to the default function.

This snippet does not change the memory or the storage, but changes the stack. After this snippet, the first element is the result of the comparison, the second element is 0, the third element is 2406, and the original stack content (at the time of entry to this snippet) follows.

Position 549, “0x5060125433600160a060020a0390811691161415”,

This should be the continuation of the default function. The snippet translates to

POP :: PUSH_N “0x12” :: SLOAD :: CALLER :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: SWAP1 :: DUP2 :: AND :: SWAP2
 :: AND :: EQ :: ISZERO,

which first throws away the uninteresting element from the stack. After that the code reads the storage at index 18, and compares it with the caller’s address (modulo 2¹⁶⁰). If equal zero is pushed to the stack; otherwise one.

This code does not change the memory or the storage. Here the execution is not branching, but my code delimiter cut it here because next comes a “JUMPDEST”.

Position 569, “0x5b1561097857”

The execution might fall through from above, but the first instruction is a “JUMPDEST”, so the execution might come from somewhere else.

JUMPDEST :: ISZERO :: PUSH_N “0x0978” :: JUMPI,

If the first element in the stack is not zero, the execution jumps to position 2424. Above we have pushed one if the caller’s address is different from something. So, I guess we are still in the if-condition on this line.

The code falls through if the caller does not have the particular address in the storage. This snippet consumes one stack element. It does not alter the memory or the storage.

Position 583, “0x5b61098660043560008054829081101561000257”

Here also comes a jump destination. Indeed we might jump here from position 11 (for “proposals(uint256)”).

JUMPDEST :: PUSH_N “0x0986” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x00” :: DUP1 :: SLOAD :: DUP3 :: SWAP1 :: DUP2 :: LT :: ISZERO :: PUSH_N “0x0002” :: JUMPI,

The code reads the storage at index zero, compares it with the word at index 4 of the input data. If the user input is smaller, the execution jumps to position 2, causing an exception. Otherwise, the execution continues.

This snippet adds stack elements. The first element is the word at index 4 of the user data, the second element is zero, the third element is the same as the first, and the fourth element is 2438. The rest is the original stack.

Position 603,
 “0x50808052600e8202600080516020612a3683398151915201905060038101546004820154600683015460018401548454600786015460058701546009880154600a890154600d8a0154600160a060020a039586169b509599600201989760ff81811698610100909204811697949691951693168c56”

The snippet translates to a rather long sequence

POP :: DUP1 :: DUP1 :: MSTORE :: PUSH_N “0x0e” :: DUP3 :: MUL :: PUSH_N “0x00” :: DUP1 :: MLOAD :: PUSH_N “0x20” :: PUSH_N “0x2a36” :: DUP4 :: CODECOPY :: DUP2 :: MLOAD :: SWAP2 :: MSTORE :: ADD :: SWAP1 :: POP :: PUSH_N “0x03” :: DUP2 :: ADD :: SLOAD :: PUSH_N “0x04” :: DUP3 :: ADD :: SLOAD :: PUSH_N “0x06” :: DUP4 :: ADD :: SLOAD :: PUSH_N “0x01” :: DUP5 :: ADD :: SLOAD :: DUP5 :: SLOAD :: PUSH_N “0x07” :: DUP7 :: ADD :: SLOAD :: PUSH_N “0x05” :: DUP8 :: ADD :: SLOAD :: PUSH_N “0x09” :: DUP9 :: ADD :: SLOAD :: PUSH_N “0x0a” :: DUP10 :: ADD :: SLOAD :: PUSH_N “0x0d” :: DUP11 :: ADD :: SLOAD :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: SWAP6 :: DUP7 :: AND :: SWAP12 :: POP :: SWAP6 :: SWAP10 :: PUSH_N “0x02” :: ADD :: SWAP9 :: SWAP8 :: PUSH_N “0xff” :: DUP2 :: DUP2 :: AND :: SWAP9 ::x PUSH_N “0x0100” :: SWAP1 :: SWAP3 :: DIV :: DUP2 :: AND :: SWAP8 :: SWAP5 :: SWAP7 :: SWAP2 :: SWAP6 :: AND :: SWAP4 :: AND :: DUP13 :: JUMP

At the end of this snippet, the execution jumps to position 2438.

The storage does not change. Something is written to the memory. At indices zero to 31, the word zero is written. And then, some code is copied to the same position, but it is overwritten with zero.

The stack changes too. This looks a bit complicated.

Position 720,
 “0x5b61096660043560243533600160a060020a03908116600081815260156020908152604080832094871680845294825280832086905580518681529051929493927f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925929181900390910190a3506001”

This is a jump destination from position 31. So this is the beginning of “approve(address,uint256).”

The stack gets additional four elements. The first element is one, the second is from the user’s input from index 36 to 51, the third is from index 4 to 35, the fourth is 2406. The memory and the storage change too, and an event is logged.

Position 831, “0x5b9291505056”,

This is the continuation of “approve()”, but this part looks like a general code for throwing away some elements of the stack and move away. The instructions look like this:

JUMPDEST :: SWAP3 :: SWAP2 :: POP :: POP :: JUMP

The second and the third elements of the stack are thrown away. And the execution jumps to the fourth element of the original stack. In case we are falling from the above snippet, the jump destination is now position 2406.

Position 837, “0x5b6109666010548156”

This snippet is for “minTokensToCreate()” and is also simple:

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x10” :: SLOAD :: DUP2 :: JUMP,

It’s a code for pushing something on the stack and jump to position 2406.

The first element becomes the value at index 16 in the storage. The second value is 2406. These two values are pushed on top of the original stack.

Position 846, “0x5b610a7d600754600160a060020a03168156”

This snippet is slightly more complicated but readable

JUMPDEST :: PUSH_N “0x0a7d” :: PUSH_N “0x07” :: SLOAD :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: DUP2 :: JUMP

This is again pushing something on the stack and jumping to 2685. After this snippet, the first element of the stack is the value at index 7 in the storage (with some mask applied), and the second element is 2685. These two values are pushed on top of the original stack.

Position 864, “0x5b610a7d600e54600160a060020a03168156”,

This is a very similar gadget and this one also jumps to position 2685.

JUMPDEST :: PUSH_N “0x0a7d” :: PUSH_N “0x0e” :: SLOAD :: PUSH_N “0x01”
 :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: DUP2 :: JUMP

Instead of index 7, index 14 is taken from the storage. The rest is the same as above.

Position 882, “0x5b6109666016548156”,

This is the entry point for “totalSupply()”. This is also a small gadget for pushing something on the stack.

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x16” :: SLOAD :: DUP2 :: JUMP

After this, the stack has two additional elements on top of the original. The first element is the storage value at index 22, and the second element is 2406, after the execution jumps to 2406.

Position 891, “0x5b610966”,

This is the entry point for “divisor()”. This snippet just pushes 2406 on the stack.

JUMPDEST :: PUSH_N “0x0966”

The execution continues below.

Position 895, “0x5b60004262127500600f60005054031115610de557”

This snippet translates to this:

JUMPDEST :: PUSH_N “0x00” :: TIMESTAMP :: PUSH_N “0x127500” :: PUSH_N “0x0f” :: PUSH_N “0x00” :: POP :: SLOAD :: SUB :: GT :: ISZERO :: PUSH_N “0x0de5” :: JUMPI

It pushes zero and judges some condition and jump to position 3557 if the condition is met. The considered condition involves the current time. If the current time is too big, the execution jumps to position 3557.

Position 923, “0x5b610a7d601254600160a060020a03168156”,

This is the entry point for “extraBalance()”. This is also about pushing values on the stack and jumping.

JUMPDEST :: PUSH_N “0x0a7d” :: PUSH_N “0x12” :: SLOAD :: PUSH_N “0x01”
 :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: DUP2 :: JUMP

After this, the first stack value is from the storage at index 18, the second value is 2685. These two elements are on top of the original stack. The execution jumps to 2685.

Position 941,
 “0x5b60408051602060248035600481810135601f810185900485028601850190965285855261096695813595919460449492939092019181908401838280828437509496505050505050506000600060006000600060003411156116a857”,

This is the first snippet for “executeProposal”. At the end, depending on the value of the call, the execution jumps to position 5800 or falls through. Before that, the memory and the stack change but the storage is unchanged.

This is a rather long one, so this should be dealt in the coming posts.

Position 1034, “0x61000256”

This snippet jumps to position 2, causing an exception.

PUSH_N “0x0002” :: JUMP

Position 1038, “0x5b610966600435602435604435”,

This is the entry for “transferFrom”.

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x24” :: CALLDATALOAD :: PUSH_N “0x44” :: CALLDATALOAD

This snippet pushes the value 2046 and three values from the user input to the stack and falls through.

Position 1051, “0x5b60115460009060ff16801561043157”,

This snippet looks like this:

JUMPDEST :: PUSH_N “0x11” :: SLOAD :: PUSH_N “0x00” :: SWAP1 :: PUSH_N “0xff” :: AND :: DUP1 :: ISZERO :: PUSH_N “0x0431” :: JUMPI

It reads the value from index 17 of the storage, and apply a mask of 255 (I guess the result represents “isFueled”), and sees if the result is zero. If the result is zero, the execution jumps to 1073. The first stack element becomes the masked value, the second stack element becomes zero.

Position 1067, “0x50600f544211”,

POP :: PUSH_N “0x0f” :: SLOAD :: TIMESTAMP :: GT,

This part throws one element away from the stack. It performs a comparison between between the timestamp and the storage value at index 15 (I guess this value is “closingTime”). The result of the comparison is pushed on the stack. The execution falls through.

Position 1073, “0x5b80156124e957”,

JUMPDEST :: DUP1 :: ISZERO :: PUSH_N “0x24e9” :: JUMPI,

Depending on the first element of the stack, the execution either jumps to position 9449 or falls through.

If we come from above, if the current time is too early, we have a zero on top of the stack and then we jump to position 9449.

Otherwise, if we come from position 1051, the topmost value of the stack is zero, then we jump to 9449 (I see a possible optimization here).

Position 1080, “0x506124e78461044b56”,

POP :: PUSH_N “0x24e7” :: DUP5 :: PUSH_N “0x044b” :: JUMP

This is a continuation of “transferFrom()”. This particular snippet organizes the stack and jumps to position 1099.

After this snippet, the first element of the stack is the one that used to be the fifth element. The second is 9447 (I guess this is the continuation to be followed after the call to “isBlocked()”), and the third is the one that used to be the second element, the fourth is the one that used to be the third element, and so on.

Position 1089, “0x5b610966600061098033”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x00” :: PUSH_N “0x0980” :: CALLER,

This is the entry point for “unblockMe().” This snipped just pushes some values and falls through.

Position 1099, “0x5b600160a060020a0381166000908152600b602052604081205481908114156129cb57”,

JUMPDEST :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: DUP2 :: AND :: PUSH_N “0x00” :: SWAP1 :: DUP2 :: MSTORE :: PUSH_N “0x0b” :: PUSH_N “0x20” :: MSTORE :: PUSH_N “0x40” :: DUP2 :: SHA3 :: SLOAD :: DUP2 :: SWAP1 :: DUP2 :: EQ :: ISZERO :: PUSH_N “0x29cb” :: JUMPI,

By the context, this snippet should be the beginning of “isBlocked(_account)” function. At the top of the stack, the snippet expects the argument “_account”.

This snippet essentially reads something from the storage (using the argument) and compares the result with zero. Depending on the result, the execution jumps to position 10699 or just falls through. Zero means jumping.

The memory also changes. At indices 32 to 63, word “0x11” is written. At indices 0 to 31, the argument “_account” masked with “2¹⁶⁰” is written.

Position 1134, “0x610b9956”,

PUSH_N “0x0b99” :: JUMP

This one is very simple. Jumping to position 2969.

Position 1138, “0x5b6109666006548156”,

This is the entry point for “totalRewardToken()”.

JUMPDEST
 :: PUSH_N “0x0966” :: PUSH_N “0x06” :: SLOAD :: DUP2 :: JUMP,

It pushes 2406 and the storage value at index 6. The execution jumps to position 2406.

Position 1147, “0x5b610966”,

JUMPDEST :: PUSH_N “0x0966”

This is the entry point for “actualBalance().” This part just pushes 2406 and falls through.

Position 1151, “0x5b600d5430600160a060020a0316310361098356”,

JUMPDEST :: PUSH_N “0x0d” :: SLOAD :: ADDRESS :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: BALANCE
 :: SUB :: PUSH_N “0x0983” :: JUMP,

This pushes the result of “actualBalance()” on top of the stack. Below that, the storage value at index 13 is pushed. Below that lays the original stack.

After that, the execution jumps to position 2435.

Position 1171, “0x5b610966600f548156”

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x0f” :: SLOAD :: DUP2 :: JUMP,

This is the entry point for “closingTime()”. This pushes two values to the stack and jumps to position 2406.

Position 1180, “0x5b61096660043560046020526000908152604090205460ff168156”,

This is the entry point for “allowedRecipients()”. This snippet does not make a permanent change, and jumps to position 2406.

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: USH_N “0x04” :: PUSH_N “0x20” :: MSTORE :: PUSH_N “0x00” :: SWAP1 :: UP2 :: MSTORE :: PUSH_N “0x40” :: SWAP1 :: SHA3 :: SLOAD :: PUSH_N “0xff” :: AND :: DUP2 :: JUMP,

Position 1207, “0x5b61096660043560243560006124cb61083156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x24” :: CALLDATALOAD :: PUSH_N “0x00” :: PUSH_N “0x24cb”
 :: PUSH_N “0x0831” :: JUMP,

This snippet is the entry point for “transferWithoutReward()”. This part pushes many values to the stack and then jumps to position 2097.

After the jump, the top of the stack is the value 9419. Next 0. The third and the fourth elements are taken from the user input. The fifth is 2406.

Position 1226, “0x5b610a9a6000341115610ba457”,

“refund()” comes here.

JUMPDEST :: PUSH_N “0x0a9a” :: PUSH_N “0x00” :: CALLVALUE
 :: GT :: ISZERO :: PUSH_N “0x0ba4” :: JUMPI,

This snippet pushes 2704 onto the stack, and jumps to position 2980 if the given value is zero. Otherwise the execution falls through.

Position 1239, “0x61000256”

PUSH_N “0x0002” :: JUMP

When “refund()” is called with some positive value, the execution reaches here, jumps to position 2, and throws an exception.

Position 1243

This is the entry point for “newProposal”. This is long (TODO)

Position 1402, “0x5b6109666004356009602052600090815260409020548156”

This is the entry point for “DAOpaidOut()”, but it just writes to the stack and the memory and then jumps to position 2406, which does not cause any permanent changes.

Position 1426, “0x5b6109666001548156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x01” :: SLOAD :: DUP2 :: JUMP,

This the “minQuorumDivisor()”’s entry point that jumps to position 2406.

Position 1435,
 “0x5b610a9a60043530600160a060020a031633600160a060020a03161415806105db57”,

This is the entry point for “newContract()”.

JUMPDEST :: PUSH_N “0x0a9a” :: PUSH_N “0x04” :: CALLDATALOAD :: ADDRESS :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: CALLER :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: EQ :: ISZERO :: DUP1 :: PUSH_N “0x05db” :: JUMPI,

This part compares the address of the caller and the address of this running contract, and jumps to 1499 if they do not match. If they match the execution falls through.

The result of the comparison is duplicated on the stack, followed by some user input and 2714.

Position 1469, “0x50600160a060020a03811660009081526004602052604090205460ff1615”,

POP :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: UP2 :: AND :: PUSH_N “0x00” :: SWAP1 :: DUP2 :: MSTORE :: PUSH_N “0x04” :: PUSH_N “0x20” :: MSTORE :: PUSH_N “0x40” :: SWAP1 :: SHA3 :: SLOAD :: PUSH_N “0xff” :: AND :: ISZERO,

This snippet replaces the first element of the stack with some value from the storage (I guess it’s “allowedRecipients[_newContract]” but I haven’t checked the index).

Position 1499, “0x5b156121cb57”,

JUMPDEST :: ISZERO :: PUSH_N “0x21cb” :: JUMPI,

This jumps to position 8651 or falls through, depending on the topmost element of the stack.

Position 1505, “0x6121c856”

PUSH_N “0x21c8” :: JUMP,

This snippet simply jumps to position 8648.

Position 1509, “0x5b610966600435”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD,

This is the entry point for “balanceOf()”. This part pushes two values on top of the stack. After this code, the first element of the stack is the user input at byte position 4–35, the second is 2406, and the rest is the original stack. The execution falls through.

Position 1516, “0x5b600160a060020a038116600090815260146020526040902054”,

JUMPDEST :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: DUP2 :: AND :: PUSH_N “0x00” :: SWAP1 :: DUP2 :: MSTORE :: PUSH_N “0x14” :: PUSH_N “0x20” :: MSTORE :: PUSH_N “0x40” :: SWAP1 :: SHA3 :: SLOAD,

This snippet writes the first element of the stack to the memory at address 0, writes 20 at address 32, pushes some value from the storage onto the stack (I guess the pushed value is balances[_owner] but I need to check the storage position).

Position 1542, “0x5b91905056”,

JUMPDEST :: SWAP2 :: SWAP1 :: POP :: JUMP,

This snipped jumps to the position specified by the third element of the stack at the time of entry. After the jump, the stack’s first element is the original first element, but the second element is the fourth element, the third element is the fifth element, and so on.

If we come here from above, from the “balanceOf()” entry point, the jump destination is position 2406.

Position 1547, “0x5b6109666004356024356000600034111561259957”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x24” :: CALLDATALOAD :: PUSH_N “0x00” :: PUSH_N “0x00” :: CALLVALUE :: GT :: ISZERO :: PUSH_N “0x2599” :: JUMPI,

This is the entry point for “changeAllowedRecipients(address,bool)”.

After this snippet, the first element of the stack is 0, the second and the third elements come from the user’s input, the fourth element is 2406, and the rest is the original stack.

The memory and the storage do not change. If the sent value is more than zero, the execution falls through. Otherwise the execution jumps to 9625.

Position 1568, “0x61000256”,

PUSH_N “0x0002” :: JUMP,

The snippet jumps to position 2, causing an exception.

Position 1572, “0x5b610966600062e6b6804203600260005054108061065057”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x00” :: PUSH_N “0xe6b680” :: TIMESTAMP :: SUB :: PUSH_N “0x02” :: PUSH_N “0x00” :: POP :: SLOAD
 :: LT :: DUP1 :: PUSH_N “0x0650” :: JUMPI,

This is the entry point of “halveMinQuorum()”.

After this snippet, the first stack element is a result of a certain comparison that I describe below. The second element is zero, the third is 2406, and the rest is the original stack.

The first stack element is duplicated and is also used to determine the coming control flow. This element is the result of the comparison between the storage content at index 2 (now we know that at this position “lastTimeMinQuorumMet” is written) and the current time minus 15120000.

If the current time is late enough, the execution jumps to 1616. Otherwise the execution falls through.

Position 1596, “0x50600354600160a060020a039081163390911614”,

POP :: PUSH_N “0x03” :: SLOAD :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: SWAP1 :: DUP2 :: AND :: CALLER
 :: SWAP1 :: SWAP2 :: AND :: EQ,

This snippet first throws away the first element of the stack and instead pushed the result of another comparison. The comparison is between the caller of this execution and the address stored at storage index 3 (now we know that this location contains the “curator”). The execution falls through with this address.

Position 1616, “0x5b801561066457”,

JUMPDEST :: DUP1 :: ISZERO :: PUSH_N “0x0664” :: JUMPI,

The execution might come from directly above or from position 1572 (and this seems like the correct implementation of || operator). This snippet does not change the stack, the memory or the storage. The execution jumps to 1636 if the first stack element is zero. Otherwise the execution falls through.

Position 1623, “0x50600254621274ff1942019010”,

POP :: PUSH_N “0x02” :: SLOAD :: PUSH_N “0x1274ff” :: NOT :: TIMESTAMP :: ADD :: SWAP1 :: LT,

This snippet first throws away the first stack element and pushes the result of a comparison. The comparison is between the value at storage index 2 and the result of “current_time + ~(1209599)” where “~” represents the bitwise negation. I guess this is an optimized form of “now — minProposalDebatePeriod” but I haven’t checked.

Position 1636, “0x5b1561261457”,

JUMPDEST :: ISZERO :: PUSH_N “0x2614” :: JUMPI,

This snippet simply jumps to position 9748 if the first stack element is zero. This first stack element is thrown away by the time the execution continues.

Position 1642, “0x5042600290815560018054909102815561098356”,

POP :: TIMESTAMP :: PUSH_N “0x02” :: SWAP1 :: DUP2 :: SSTORE :: PUSH_N “0x01” :: DUP1 :: SLOAD :: SWAP1 :: SWAP2 :: MUL :: DUP2 :: SSTORE :: PUSH_N “0x0983” :: JUMP,

This snippet removes the first element of the stack and replaces it with one. Moreover, it changes the storage. At index 2, the current time is written. The value at index 1 is doubled (now we know that index 1 contains “minQuorumDivisor”).

The execution jumps to position 2435.

Position 1662, “0x5b610966600435600a602052600090815260409020548156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x0a” :: PUSH_N “0x20” :: MSTORE :: PUSH_N “0x00” :: SWAP1
 :: DUP2 :: MSTORE :: PUSH_N “0x40” :: SWAP1 :: SHA3 :: SLOAD :: DUP2 :: JUMP,

This is the entry point for “paidOut(address)”

The snippet changes the memory and the stack. At memory address 0, some user input is written, and at memory address 32, “0x0a” is written. A SHA-3 hash is computed from these and the result is pushed as the first element of the stack. The second element becomes 2406.

The execution jumps to position 2406.

Position 1686,
 “0x5b610966600435602435600060006000600060006000341115611ba157”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x24” :: CALLDATALOAD :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00” :: CALLVALUE :: GT :: ISZERO :: PUSH_N “0x1ba1” :: JUMPI,

This is the entry point for “splitDAO”. This snippet pushes many values on the stack and conditionally jumps to position 7073.

After this snippet, the first five elements of the stack are all zero, the sixth and the seventh come from the user input, the eighth is 2406, and the rest is the original stack.

If the value of this call is not zero, the execution falls through. Otherwise the execution jumps to position 7073.

Position 1715, “0x61000256”,

PUSH_N “0x0002” :: JUMP,

This part jumps to position 2, causing an exception.

Position 1719, “0x5b610a7d600854600160a060020a03168156”,

JUMPDEST :: PUSH_N “0x0a7d” :: PUSH_N “0x08” :: SLOAD :: PUSH_N “0x01”
 :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: DUP2 :: JUMP,

This is the entry point for DAOrewardAccount(). The execution jumps to position 2685 after this snippet.

This snippet does not change the memory or the storage but pushes some values to the stack. After the execution jumps, the stack’s first element is the storage content at index 8 (masked with 2¹⁶⁰), the second element is 2685, and the rest is the original stack.

Position 1737, “0x5b610966600c548156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x0c” :: SLOAD :: DUP2 :: JUMP,

This is the entry point for “proposalDeposit()”. This snippet pushes two values to the storage and jumps to position 2406. After the jump, the first element of the stack is the storage content at index 12, and the second element is 2406.

Position 1746, “0x5b6109666000546000190161098356”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x00” :: SLOAD :: PUSH_N “0x00” :: NOT :: ADD :: PUSH_N “0x0983” :: JUMP,

This is the entry point for “numberOfProposals()”. This snippet pushes some values to the stack and jumps to position 2435. After the jump, the first element of the stack becomes the storage content at index 0 minus one, and the second element becomes 2406.

Position 1761, “0x5b6109666002548156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x02” :: SLOAD :: DUP2 :: JUMP,

This is the entry point for “lastTimeMinQuorumMet()”. This snippet pushes some values to the stack and jumps to position 2406. After the jump the first element of the stack is the storage content at index 2, and the second element is 2406.

Position 1770, “0x5b61096660043560006000600060003411156121fc57”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00”
 :: CALLVALUE :: GT :: ISZERO :: PUSH_N “0x21fc” :: JUMPI,

This is the entry point for “retrieveDAOReward()”. If the sent value is greater than zero, the execution falls through. Otherwise the execution jumps to position 8700.

After the last JUMPI instruction, the stack’s first three elements are all zero, the fourth element is taken from the user input, the fifth element is 2406, and the rest is the original stack.

Position 1792, “0x61000256”,

PUSH_N “0x0002” :: JUMP,

This snippet jumps to position 2, causing an exception.

Position 1796, “0x5b610966”,

JUMPDEST :: PUSH_N “0x0966”,

This is the entry point for “receiveEther()”. This snippet simply pushes 2406 onto the stack.

Position 1800, “0x5b600161098356”,

JUMPDEST :: PUSH_N “0x01” :: PUSH_N “0x0983” :: JUMP,

This snippet pushes one onto the stack and jumps to position 2435 (now I guess this pushed one is the return value).

Position 1807, “0x5b60115460009060ff16801561072f57”,

JUMPDEST :: PUSH_N “0x11” :: SLOAD :: PUSH_N “0x00” :: SWAP1
 :: PUSH_N “0xff” :: AND :: DUP1 :: ISZERO :: PUSH_N “0x072f” :: JUMPI,

This is the entry point for “transfer()”.

This snippet takes the value at storage index 17, masks it with 255 and puts the result on top of the stack. The masked value is duplicated and is also used to determine the continuation. If the masked value is zero the execution jumps to position 1839. Otherwise the execution falls through.

Position 1833, “0x50600f544211”,

POP :: PUSH_N “0x0f” :: SLOAD :: TIMESTAMP :: GT,

This snippet throws away the first element of the stack, reads the storage content at index 15, and compares it with the current time to see if the current time stamp is greater. The result of the comparison is pushed onto the stack.

Position 1839, “0x5b801561248757”,

JUMPDEST :: DUP1 :: ISZERO :: PUSH_N “0x2487” :: JUMPI,

Depending on the first element of the stack, the execution jumps to position 9351 or falls through.

Position 1846, “0x506124853361044b56”,

POP :: PUSH_N “0x2485” :: CALLER :: PUSH_N “0x044b” :: JUMP,

This snippet jumps to position 1099 (“isBlocked()”). After the jump, the first stack element is the address of the caller, the second is 9349, the third is the second element of the original stack, and the rest comes from the original stack from its third element and on.

Position 1855, “0x5b61096660115460ff168156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x11” :: SLOAD :: PUSH_N “0xff” :: AND :: DUP2 :: JUMP,

This is for “isFueled()”. This snippet pushes some values onto the stack and jumps to position 2406. There the snippet at position 2406 does not alter storage and returns.

Position 1867, “0x5b610966600435”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD,

This is the entry point for “createTokenProxy()”. After this snippet the stack’s first element is taken from the user’s input, the second element is 2406, and the rest is the original stack.

The execution falls through.

Position 1874, “0x5b60006000600f600050544210801561076a57”,

JUMPDEST :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x0f”
 :: PUSH_N “0x00” :: POP :: SLOAD :: TIMESTAMP :: LT
 :: DUP1 :: ISZERO :: PUSH_N “0x076a” :: JUMPI,

This snippet reads the storage at index 15, and compares it with the current timestamp. If the timestamp is smaller, the execution falls through. Otherwise the execution jumps to position 1898.

After this snippet, the first stack element is the result of the comparison. The second and the third are zero. The fourth and on are the original stack content.

Position 1893, “0x5060003411”,

POP :: PUSH_N “0x00” :: CALLVALUE :: GT,

This snippet removes the first element of the stack and instead puts if the call value is zero or not.

Position 1898, “0x5b80156107a457”,

JUMPDEST :: DUP1 :: ISZERO :: PUSH_N “0x07a4” :: JUMPI,

Depending on the first element of the stack, the execution either jumps to 1956 or falls through.

Position 1905, “0x506011546101009004600160a060020a0316600014806107a457”,

POP :: PUSH_N “0x11” :: SLOAD :: PUSH_N “0x0100” :: SWAP1 :: DIV :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB
 :: AND :: PUSH_N “0x00” :: EQ :: DUP1 :: PUSH_N “0x07a4” :: 
 JUMPI,

This snippet reads the storage content at index 17, takes one address out of it, and compares it with zero. If zero, the execution the execution jumps to position 1956. Otherwise the execution falls through.

Position 1931, “0x506011546101009004600160a060020a039081163390911614”,

POP :: PUSH_N “0x11” :: SLOAD :: PUSH_N “0x0100” :: SWAP1 :: DIV :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB
 :: SWAP1 :: DUP2 :: AND :: CALLER :: SWAP1 :: SWAP2 :: AND :: EQ,

We are still in “createTokenProxy()”. Now I guess the storage index 17 contains “privateCreation” among other things. This snippet compares this value with the address of the caller. The result of the comparison just replaces the first element of the stack.

The execution continues below.

Position 1956, “0x5b15610b9f57”,

JUMPDEST :: ISZERO :: PUSH_N “0x0b9f” :: JUMPI,

Depending on the first element of the stack, the execution jumps to position 2975 or continues below. If we come from “createTokenProxy()”, if the caller’s address is equal to the stored address, the execution continues.

Position 1962, “0x610a9c61037f56”,

PUSH_N “0x0a9c” :: PUSH_N “0x037f” :: JUMP

This snippet jumps to position 895. After the jump, the first element of the stack is 2171. The rest of the stack is the original stack at the entry to this snippet.

Position 1969, “0x5b610a7d6004356000600060005082815481101561000257”,

This is the entry point for “getNewDAOAddress(uint256)”.

JUMPDEST :: PUSH_N “0x0a7d” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00” :: POP :: DUP3 :: DUP2 :: SLOAD :: DUP2 :: LT :: ISZERO :: PUSH_N “0x0002” :: JUMPI,

This snippet compares the storage content at index 0 against some user input. If the user input is smaller enough the execution continues below. Otherwise the execution jumps to position 2, causing an exception.

After this snippet, the first element on the stack is taken from the user input, the second and the third elements are zero, the fourth element is the same user input, the fifth element is 2685, and the rest is the original stack content.

I guess this snippet checks the length of array “proposals”.

Position 1993,
 “0x50508080527f290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e56b600e8302018054829081101561000257”,

POP :: POP :: DUP1 :: DUP1 :: MSTORE :: PUSH_N
 “0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e56b”
 :: PUSH_N “0x0e” :: DUP4 :: MUL :: ADD :: DUP1 :: SLOAD :: DUP3 :: SWAP1
 :: DUP2 :: LT :: ISZERO :: PUSH_N “0x0002” :: JUMPI,

The fourth element of the stack (the user input for “_proposalID”) is used to access the storage. The result is compared with the third element on the stack (zero). If the storage content is larger than zero, the execution the execution continues. Otherwise the execution jumps to position 2, causing an exception.

After this snippet, the first element of the stack is what used to be the third element (zero), the second element is the index used for the storage access above, the third item and on are the same as at the entry to this snippet.

Position 2047, “0x5081526020902060030154600160a060020a031661060656”,

POP :: DUP2 :: MSTORE :: PUSH_N “0x20” :: SWAP1 :: SHA3 :: PUSH_N “0x03” :: ADD :: SLOAD :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02”
 :: EXP :: SUB :: AND :: PUSH_N “0x0606” :: JUMP,

This snippet jumps to position 1542 after preparing the stack.

After the jump, the first element of the stack is some storage content interpreted as an address, the second element is what used to be the fourth element, the third element is what used to be the fifth element, and so on.

The third element, what is used to be the fifth element, determines the jump destination after position 1542. It is 2685.

Position 2071, “0x5b61096660043560243560006000610e1b336105ec56”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD
 :: PUSH_N “0x24” :: CALLDATALOAD :: PUSH_N “0x00” :: PUSH_N “0x00”
 :: PUSH_N “0x0e1b” :: CALLER :: PUSH_N “0x05ec” :: JUMP,

This is the entry point for “vote()”. This snippet prepares some stack contents and jumps to position 1516 (this retrieves the Token balance of the voter).

We enter position 1516 with the stack contents as follows. The first stack element is the address of the caller. The second element is 3611, the third and the fourth are zero, the fifth and the sixth are taken from the user input, the seventh is 2406.

(TODO: describe what happens after jumping to position 1516.)

Position 2093, “0x5b610966”,

JUMPDEST :: PUSH_N “0x0966”,

This is the entry point for “getMyReward()”. This snippet just pushes 2406 on the stack and falls through.

Position 2097, “0x5b6000600034111561247c57”,

JUMPDEST :: PUSH_N “0x00” :: PUSH_N “0x00” :: CALLVALUE :: GT :: ISZERO :: PUSH_N “0x247c” :: JUMPI,

This part judges if the sent value is zero or more. If zero, the execution jumps to position 9340. Otherwise the execution falls through.

Position 2109, “0x61000256”,

PUSH_N “0x0002” :: JUMP,

This snippet simply jumps to position 2, causing an exception.

Position 2113, “0x5b6109666004356005602052600090815260409020548156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x05” :: PUSH_N “0x20” :: MSTORE :: PUSH_N “0x00” :: SWAP1
 :: DUP2 :: MSTORE :: PUSH_N “0x40” :: SWAP1 :: SHA3 :: SLOAD :: DUP2 :: JUMP,

This is the entry point for “rewardToken(address)”. This snippet pushes some values onto the stack and jumps to position 2406. Position 2406 does not leave permanent changes but returns.

Position 2137, “0x5b610966600435602435604435600061252f84”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD
 :: PUSH_N “0x24” :: CALLDATALOAD :: PUSH_N “0x44” :: CALLDATALOAD
 :: PUSH_N “0x00” :: PUSH_N “0x252f” :: DUP5,

This is the entry point for “transferFromWithoutReward(address,address,uint256)”.

This snippet pushes some values onto the stack and the execution falls through.

After this snippet, the first element of the stack is taken from the user input, the second is 9519, the third is 0, the fourth, the fifth and the sixth is taken from the user input, the seventh is 2406.

Position 2156, “0x5b6000600060003411156127ac57”,

JUMPDEST :: PUSH_N “0x00” :: PUSH_N “0x00” :: PUSH_N “0x00”
 :: CALLVALUE :: GT :: ISZERO :: PUSH_N “0x27ac” :: JUMPI,

If the sent value is zero, the execution jumps to position 10156. Otherwise the execution falls through.

After this snippet, the first two elements on the stack are zero. The rest is the original stack.

Position 2170, “0x61000256”,

PUSH_N “0x0002” :: JUMP,

This part jumps to position 2, causing an exception.

Position 2174,
 “0x5b610966600435602435600160a060020a0382811660009081526015602090815260408083209385168352929052205461033f56”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x24” :: CALLDATALOAD :: PUSH_N “0x01” :: PUSH_N “0xa0”
 :: PUSH_N “0x02” :: EXP :: SUB :: DUP3 :: DUP2 :: AND :: PUSH_N “0x00”
 :: SWAP1 :: DUP2 :: MSTORE :: PUSH_N “0x15” :: PUSH_N “0x20” :: 
 SWAP1 :: DUP2 :: MSTORE :: PUSH_N “0x40” :: DUP1 :: DUP4 :: SHA3
 :: SWAP4 :: DUP6 :: AND :: DUP4 :: MSTORE :: SWAP3 :: SWAP1 :: 
 MSTORE :: SHA3 :: SLOAD :: PUSH_N “0x033f” :: JUMP,

This is the entry point for “allowance()”. This snippet jumps to position 831. After 831, the execution continues from position 2406. This part changes the stack and the memory from address 0 to address 63.

Position 2226, “0x5b610a9a600435600034111561254557”,

JUMPDEST :: PUSH_N “0x0a9a” :: PUSH_N “0x04” :: CALLDATALOAD
 :: PUSH_N “0x00” :: CALLVALUE :: GT :: ISZERO :: PUSH_N “0x2545” :: JUMPI,

This is the entry point for “changeProposalDeposit(uint256)”. If the sent value is more than zero, the execution the execution falls through. Otherwise the execution jumps to position 9541.

After this snippet the first stack element is taken from the user input, the second is 2714, and the rest is the original stack content. This snippet does not alter the memory or the storage.

Position 2242, “0x61000256”,

PUSH_N “0x0002” :: JUMP

This snippet jumps to position 2, causing an exception.

Position 2246, “0x5b610966600435600b602052600090815260409020548156”,

JUMPDEST :: PUSH_N “0x0966” :: PUSH_N “0x04” :: CALLDATALOAD :: PUSH_N “0x0b” :: PUSH_N “0x20” :: MSTORE :: PUSH_N “0x00” :: SWAP1
 :: DUP2 :: MSTORE :: PUSH_N “0x40” :: SWAP1 :: SHA3 :: SLOAD :: DUP2 :: JUMP,

This is the entry point for “blocked(address)”. This snippet prepares some stack content and jumps to position 2406.

Position 2270, “0x5b610a7d600354600160a060020a03168156”,

JUMPDEST :: PUSH_N “0x0a7d” :: PUSH_N “0x03” :: SLOAD :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: DUP2 :: JUMP,

This is the entry point for “curator()”. This prepares some stack content and then jumps to position 2685.

Position 2288

This is the entry point for “checkProposalCode(uint256,address,uint256,bytes)”. This snippet is rather long, and it changes the memory and the stack. In the end, depending on if any value is sent along, the execution jumps to position 4146 or falls through. I think I should come back here in the next posts.

Position 2379, “0x61000256”,

PUSH_N “0x0002” :: JUMP,

This snippet jumps to position 2, causing an exception.

Position 2383, “0x5b610a7d6011546101009004600160a060020a03168156”,

JUMPDEST :: PUSH_N “0x0a7d” :: PUSH_N “0x11” :: SLOAD :: PUSH_N “0x0100” :: SWAP1 :: DIV :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: AND :: DUP2 :: JUMP,

This is the entry point for “privateCreation()”.

This snippet pushes some values onto the stack and jumps to position 2685.

(SKIPPED)

Position 2406, “0x5b60408051918252519081900360200190f3”,

JUMPDEST :: PUSH_N “0x40” :: DUP1 :: MLOAD :: SWAP2 :: DUP3 :: MSTORE
 :: MLOAD :: SWAP1 :: DUP2 :: SWAP1 :: SUB :: PUSH_N “0x20” :: ADD :: 
 SWAP1 :: RETURN,

This snippet does many things but does not alter the storage. It just returns.

(SKIPPED)

Position 2685,
 “0x5b60408051600160a060020a03929092168252519081900360200190f3”,

JUMPDEST :: PUSH_N “0x40” :: DUP1 :: MLOAD :: PUSH_N “0x01” :: PUSH_N “0xa0” :: PUSH_N “0x02” :: EXP :: SUB :: SWAP3 :: SWAP1 :: SWAP3 :: AND
 :: DUP3 :: MSTORE :: MLOAD :: SWAP1 :: DUP2 :: SWAP1 :: SUB :: PUSH_N “0x20” :: ADD :: SWAP1 :: RETURN,

This snippet modifies the stack and the memory and returns. It does not alter the storage.

Conclusion

I’ve covered the entry points for all functions (except for a few complicated-looking basic blocks). I hope now the lengthy hex codes on the Ethereum blockchain look different. They are not impenetrable mass, but something that makes a lot of sense.

TODOs:

  • create an index of storage positions
  • automate the process of writing things like this
  • dig into the most complicated snippets.